HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and HP-UX Mobile IPv6
Step 4: (Optional) Securing Payload Packets Routed Through the Home Agent
Appendix F 303
-priority
priority_number
The
priority_number
is the priority value HP-UX IPSec uses when
selecting a gateway IPsec policy (a lower priority value has a higher
priority). The priority must be unique for each gateway IPsec policy. The
range is 1 - 2147483647.
The priority must be lower than the priority for the policy configured for
the Mobile Node in “Step 2A: Return Routability Messages: Configuring
the Home Agent - Correspondent Node Gateway IPsec Policy” on
page 293.
-flags MIPV6
The flags must include MIPV6.
Step 4B: Payload Packets: Configuring the Home
Agent - Mobile Node Gateway IPsec Policy
The second gateway IPsec policy is for the data path segments between
the Home Agent and the Mobile Node. The syntax is similar to the
syntax used in the previous section (Step 4A: Payload Packets:
Configuring the Home Agent - Correspondent Node Gateway IPsec
Policy), with the following differences:
• The source and destination addresses are swapped
• You must specify the name of the tunnel policy between the Home
Agent and the Mobile Node for payload packets
(
payload_tunnel_name
). You configure this tunnel in the next
section (Step 4C: Payload Packets: Configuring the Home Agent -
Mobile Node Tunnel).
• You can specify the homeclear argument, which specifies that
HP-UX IPSec will not secure packets to the Mobile Node when the
Mobile Node is attached to the specified home link (interface_name).
Using the homeclear argument provides better performance when
the Mobile Node is attached to the home link.
•The
priority_number
must be greater (lower priority) than the
policy configured in “Step 2B: Return Routability Messages:
Configuring the Home Agent - Mobile Node Gateway IPsec Policy” on
page 295.